Keystore can't contain more than one KP_relaysign_ed key
The RelaySigningKeySpecifier
is currently defined as:
#[non_exhaustive]
#[derive(Deftly, PartialEq, Debug, Constructor)]
#[derive_deftly(KeySpecifier)]
#[deftly(prefix = "relay")]
#[deftly(role = "KP_relaysign_ed")]
#[deftly(summary = "Relay medium-term signing keypair")]
/// The key sepcifier of the relay medium-term signing key (RelaySigningKeypair)
pub struct RelaySigningKeySpecifier;
This means there can only be a single relaysign_ed
key with an ArtiPath
of the form relay/KP_relaysign_ed
. This is a problem, because relays storing their identity key offline will want to generate a number of relaysign_ed
keys ahead of time, so we need the keystores to be able to contain multiple such keys. We will need their ArtiPath
to encode a variable component (for example, a timestamp).
We also need to teach KeyMgr
to retrieve such keys (KeyMgr::get
should return the first key that has a valid and timely certificate).
This will involve extending the KeySpecifier
trait with a function for obtaining the KeySpecifier
of the certificate of the key, if there is one.
Edited by gabi-250